I’m going to show how to automate dump analysis using a Slack bot; doing the same with a Telegram bot is very similar.

To automate dump analysis, Visual Studio or WinDbg could in theory be used, but writing a script that drives another application's GUI (emulating keyboard and mouse input, and reading specific text out of an edit control in the running application) is a challenge. You might accomplish it with the Windows Automation API, but the Debugging Tools for Windows offer a better way: a command-line utility, cdb.exe.

CDB.EXE

cdb.exe is located in the same directory as WinDbg.exe.

The following page has basic instructions on how to open a dump file with cdb.exe from the command line.

You can use ‘-c’ to pass initial commands that run right after the dump is opened. Commands are separated by ‘;’, so several can be carried out at once. For example, “u @eip; r; q” disassembles from where @EIP points, prints the registers, and then quits cdb.exe.
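As an added example (not the post's own snippet), here is how the bot side can drive cdb.exe from Python: ‘-z’ opens the dump, ‘-c’ carries the command string, and two .echo markers bracket the interesting output so the debugger banner and symbol-loading noise can be stripped before anything is posted to the channel. The cdb.exe path, the dump paths and the sample output are assumptions; the command list is fixed in the script, so nothing typed in chat is ever spliced into the ‘-c’ string.

```python
import subprocess
import sys

# Assumed install location of the Debugging Tools for Windows; cdb.exe sits next to WinDbg.exe.
CDB_EXE = r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe"

# Markers printed with .echo so the analysis can be cut out of cdb's full output.
START_MARK = "=== ANALYSIS START ==="
END_MARK = "=== ANALYSIS END ==="

# Fixed debugger commands the bot runs on every dump. Users choose a dump, never the commands.
ANALYSIS_COMMANDS = ["u @eip", "r", "!analyze -v"]


def build_cdb_args(dump_path, commands=ANALYSIS_COMMANDS, cdb_exe=CDB_EXE):
    """Build the cdb.exe argument list: -z opens the dump, -c runs the initial command string."""
    # Commands are ';'-separated; the trailing 'q' quits cdb so the subprocess actually exits
    # instead of waiting at the interactive prompt.
    script = "; ".join([f".echo {START_MARK}", *commands, f".echo {END_MARK}", "q"])
    return [cdb_exe, "-z", str(dump_path), "-c", script]


def extract_analysis(output):
    """Return only the text between the two .echo markers, or None if cdb never reached them."""
    # cdb echoes the whole -c string at its first prompt, so the marker text also appears there,
    # preceded by '.echo '. The real markers are the ones .echo prints at the start of a line.
    start = output.rfind("\n" + START_MARK)
    end = output.rfind("\n" + END_MARK)
    if start == -1 or end == -1 or end < start:
        return None  # bad dump path, debugger error, or cdb died mid-script
    return output[start + 1 + len(START_MARK):end].strip()


def run_analysis(dump_path, timeout=120):
    """Run cdb.exe on the dump and return the extracted analysis text (None on failure)."""
    args = build_cdb_args(dump_path)
    try:
        proc = subprocess.run(args, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None  # cdb.exe missing, or a hung symbol download exceeded the timeout
    return extract_analysis(proc.stdout)


if __name__ == "__main__":
    # Usage: python cdb_runner.py C:\dumps\crash.dmp
    if len(sys.argv) == 2:
        print(run_analysis(sys.argv[1]))
```

run_analysis returns None rather than raising on every failure path, so the bot can always answer the channel with a short error instead of dying; the timeout matters because cdb will happily sit for minutes fetching symbols if the symbol server is slow.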

If everything goes well, you’ll see the small snippet print that string to the Slack channel, as below:

Read a command and do analysis from the Bot

Using the Web API based ‘api_call’ was simple, but it isn’t enough to receive in real time the messages others post in the channel. For that purpose, SlackClient provides the Real Time Messaging API (RTM API).
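The read-and-dispatch loop that the RTM API makes possible, as an added example that is not part of the post. It assumes the slackclient 1.x method names (rtm_connect, rtm_read, api_call) and takes the client and the analysis function as parameters, so the loop itself can be exercised with a fake client. Because the bot runs a debugger on behalf of anyone who can post in the channel, the only thing a user controls is a bare dump file name matched against an allowlist pattern inside a fixed directory; the debugger commands are never taken from chat. The channel, directory and event contents below are constructed.

```python
import re
import time
from pathlib import Path

# Constructed: the one directory the bot is allowed to load dumps from.
DUMP_DIR = Path(r"C:\dumps")

# Chat command: "!analyze crash.dmp". Only the dump name is user-controlled.
COMMAND_RE = re.compile(r"^!analyze\s+(\S+)$")

# Allowlist for the dump name: plain file name, no leading dot, no separators, .dmp extension.
# Allowlisting beats blocklisting '..': drive letters, UNC paths and backslashes all fail it too.
DUMP_NAME_RE = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]*\.dmp$", re.IGNORECASE)


def handle_event(event, analyze, dump_dir=DUMP_DIR):
    """Turn one RTM event into reply text, or None if the event is not a command for the bot."""
    # Ignore non-messages and subtyped messages (joins, edits, and bot_message echoes of our own replies,
    # which would otherwise make the bot answer itself).
    if event.get("type") != "message" or "subtype" in event:
        return None
    match = COMMAND_RE.match(event.get("text", "").strip())
    if not match:
        return None
    name = match.group(1)
    if not DUMP_NAME_RE.match(name):
        return f"Refusing '{name}': dump names must be a plain file name ending in .dmp"
    result = analyze(dump_dir / name)  # e.g. run_analysis() from the cdb runner
    if result is None:
        return f"cdb could not analyse {name} (missing file or debugger error)"
    return f"```{result}```"


def serve(client, analyze, max_polls=None, poll_interval=1.0):
    """RTM loop: connect, read event batches, reply in the originating channel.

    Returns the number of replies sent (max_polls bounds the loop; None runs forever).
    """
    if not client.rtm_connect():
        raise RuntimeError("rtm_connect failed (bad token or no network)")
    replies = 0
    polls = 0
    while max_polls is None or polls < max_polls:
        polls += 1
        for event in client.rtm_read():  # list of events received since the last read
            reply = handle_event(event, analyze)
            if reply is not None:
                client.api_call("chat.postMessage", channel=event["channel"], text=reply)
                replies += 1
        time.sleep(poll_interval)
    return replies
```

With a real client this is `serve(SlackClient(token), run_analysis)`; the `"subtype" in event` check is what keeps the bot from re-reading its own chat.postMessage output as a new command.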